Computer Science (计算机科学) ›› 2015, Vol. 42 ›› Issue (1): 129-136. doi: 10.11896/j.issn.1002-137X.2015.01.031

• Information Security •

Network Security Emergency Response Based on CBR and Description Logic

JIANG Fei, GU Tian-long, XU Zhou-bo and CHANG Liang

  1. Guangxi Key Laboratory of Trusted Software, Guilin University of Electronic Technology, Guilin 541004
  • Online: 2018-11-14 Published: 2018-11-14
  • Funding:
    Supported by the National Natural Science Foundation of China (60963010,9,61262030,0,61100025) and the Natural Science Foundation of Guangxi (2012GXNSFBA053169)

Abstract: Network security emergency response is the focus of future information security policy. At present, emergency response relies mainly on incident response teams and security managers; although they can handle some security incidents effectively, they cannot provide a reasonable, fast and effective way of handling a security incident in a specific environment. To address this problem, an intelligent network security emergency response method based on case-based reasoning and description logic is proposed, aimed at handling specific security incidents automatically. First, description logic is used to model the domain knowledge of network security emergency response; then a similarity matching algorithm based on refinement operators and refinement graphs is designed, and the concrete implementation of case-based reasoning (CBR) in emergency response is given; finally, the proposed method is validated on a concrete example. The results show that the method has clear semantics, automatic concept classification and good reasoning ability, can derive a solution for the security incident currently encountered from past security incidents, and can give a handling method for a security incident in a specific environment.

Key words: Network security incident, Case-based reasoning, Description logic, Emergency response
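The retrieve-and-reuse loop the abstract describes, as an added example that is not the paper's code or ontology: a constructed case base of past incidents, each modelled as a conjunction of one concept per feature drawn from small per-feature taxonomies; a similarity measure that counts the refinement (specialisation) steps two descriptions share on the way down from the top concept (an assumed, deliberately simplified stand-in for the paper's refinement-operator and refinement-graph algorithm); and the CBR retrieve and reuse steps that return the handling method of the closest past incident. Every concept name, case, and function name below is constructed for illustration.

```python
"""Toy refinement-based CBR retrieval for security incidents (added example).

Each incident is a conjunction of one value per feature; every value comes from a
small constructed taxonomy. The refinement length of a concept is the number of
specialisation steps from the top concept, and similarity (an assumption, in the
spirit of refinement-based measures) is the share of those steps two cases share.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

TOP = "Top"  # the most general concept of every feature taxonomy

# Constructed taxonomies: child concept -> parent concept (not the paper's ontology).
TAXONOMY: Dict[str, Dict[str, str]] = {
    "incident": {
        "Malware": TOP, "Worm": "Malware", "Trojan": "Malware", "Ransomware": "Malware",
        "Intrusion": TOP, "BruteForce": "Intrusion", "WebShell": "Intrusion",
        "DoS": TOP, "SynFlood": "DoS",
    },
    "asset": {
        "Server": TOP, "WebServer": "Server", "MailServer": "Server",
        "Endpoint": TOP, "Workstation": "Endpoint", "Laptop": "Endpoint",
    },
    "vector": {
        "Network": TOP, "RemoteService": "Network", "Email": "Network",
        "Local": TOP, "RemovableMedia": "Local",
    },
}
FEATURES = tuple(TAXONOMY)


@dataclass(frozen=True)
class Case:
    name: str
    incident: str
    asset: str
    vector: str
    solution: Optional[str] = None  # None for a query case that has no solution yet


def ancestors(feature: str, concept: str) -> List[str]:
    """Chain of concepts from `concept` up to TOP (both inclusive)."""
    chain = [concept]
    while chain[-1] != TOP:
        chain.append(TAXONOMY[feature][chain[-1]])  # KeyError: concept not in taxonomy
    return chain


def depth(feature: str, concept: str) -> int:
    """Number of refinement (specialisation) steps from TOP down to `concept`."""
    return len(ancestors(feature, concept)) - 1


def lcs(feature: str, a: str, b: str) -> str:
    """Least common subsumer of two concepts: the deepest ancestor they share."""
    b_chain = set(ancestors(feature, b))
    for concept in ancestors(feature, a):  # walks a upward, so the first hit is the deepest
        if concept in b_chain:
            return concept
    return TOP


def refinement_length(case: Case) -> int:
    """lambda(C): refinement steps from TOP to the whole conjunction."""
    return sum(depth(f, getattr(case, f)) for f in FEATURES)


def similarity(c: Case, d: Case) -> float:
    """Share of refinement steps c and d have in common:
    lambda(LCS) / (lambda(C) + lambda(D) - lambda(LCS)); 1.0 when both are TOP."""
    lam_lcs = sum(depth(f, lcs(f, getattr(c, f), getattr(d, f))) for f in FEATURES)
    denom = refinement_length(c) + refinement_length(d) - lam_lcs
    return 1.0 if denom == 0 else lam_lcs / denom


def retrieve(query: Case, case_base: List[Case], k: int = 2) -> List[Tuple[str, float]]:
    """Retrieve step of CBR: the k past cases most similar to the query, best first."""
    ranked = sorted(case_base, key=lambda c: similarity(query, c), reverse=True)
    return [(c.name, round(similarity(query, c), 4)) for c in ranked[:k]]


def propose_response(query: Case, case_base: List[Case]) -> str:
    """Reuse step of CBR: the handling method recorded for the best-matching past case."""
    best_name, _ = retrieve(query, case_base, k=1)[0]
    return next(c.solution for c in case_base if c.name == best_name)


# Constructed case base of past incidents and how they were handled.
CASE_BASE = [
    Case("c1", "Worm", "Workstation", "RemovableMedia", "Isolate host, disable autorun, clean and rescan"),
    Case("c2", "BruteForce", "MailServer", "RemoteService", "Lock account, rate-limit logins, reset credential"),
    Case("c3", "SynFlood", "WebServer", "Network", "Enable SYN cookies, request upstream filtering"),
    Case("c4", "Trojan", "Laptop", "Email", "Quarantine attachment, reimage host, block sender"),
]
QUERY = Case("q", "Ransomware", "Workstation", "Email")  # constructed new incident

if __name__ == "__main__":
    for name, score in retrieve(QUERY, CASE_BASE, k=len(CASE_BASE)):
        print(f"{name}: {score}")
    print("proposed response:", propose_response(QUERY, CASE_BASE))
```

With this case base the query (ransomware on a workstation, delivered by e-mail) is matched to c4 rather than to c1: c1 shares the exact asset, but c4 shares two steps of the incident taxonomy, two of the vector taxonomy and one of the asset taxonomy, so the taxonomy-aware measure ranks it higher than a flat attribute match would.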

